GLOSSARY 


access control list (ACL) — A list of all security 
descriptors that have been set up for a particular 
object, such as for a shared folder or a shared printer. 

access server — A device that connects several different 
types of communications devices and telecommunication 
lines to a network, providing network routing for 
these types of communications. 

account lockout — A security measure that prohibits 
logging on to a Windows 2000 server account after a 
specified number of unsuccessful attempts. 

Active Directory — A Windows 2000 database of computers, 
users, shared printers, shared folders, and other 
network resources and resource groupings that is used 
to manage a network and enable users to quickly find 
a particular resource. 

active partition — The partition from which a 
computer boots. 

Address Resolution Protocol (ARP) — A protocol in 
the TCP/IP suite that enables a sending station to 
determine the MAC address of another station on a 
network. 

aggregate link — Linking two or more communications 
channels, such as ISDN channels, so that they appear as 
one channel, but with the combined speed of all channels 
in the aggregate. 

alert — A warning of a specific Windows 2000 Server 
system or network event. The warning is sent to designated 
users. 

answer file — A text file that contains a complete set of 
instructions for installing Windows 2000 in the unattended 
mode. 

AppleTalk — A peer-to-peer protocol used in network 
communication between Macintosh computers. 

application log — An event log that records information 
about how software applications are performing. 

application program interface (API) — Functions or 
programming features in a system that programmers can 
use for network links, links to messaging services, or 
interfaces to other systems. 

attribute — A characteristic associated with a folder or file 
used to help manage access and backups. 

auditing — Tracking the success or failure of events by 
recording selected types of events in an event log of a 
server or a workstation. 

backup browser — A computer in a domain or workgroup 
that maintains a static list of domain/workgroup 
resources to provide to clients browsing the network. 
The backup browser periodically receives updates to the 
browse list from the master browser. 


Bandwidth Allocation Control Protocol (BACP) — 
Similar to BAP, but is able to select a preferred client 
when two or more clients vie for the same bandwidth. 

Bandwidth Allocation Protocol (BAP) — A protocol 
that works with Multilink in Windows 2000 Server to 
enable the bandwidth or speed of a remote connection 
to be allocated on the basis of the needs of an application, 
with the maximum allocation equal to the maximum 
speed of all channels aggregated via Multilink. 

base priority class — The initial priority assigned to a 
program process or thread in the program code by 
Windows 2000 when the program is started. 

basic disk — In Windows 2000, a partitioned disk that 
can have up to four partitions and that uses logical 
drive designations. This type of disk is compatible with 
MS-DOS, Windows 3.x, Windows 95, Windows 98, 
Windows NT, and Windows 2000. 

basic input/output system (BIOS) — A program on a 
read-only or flash memory chip that establishes basic 
communication with components such as the monitor 
and disk drives. The advantage of a flash chip is that you 
can update the BIOS. 

benchmark — A measurement standard for hardware or 
software used to establish performance baselines under 
varying loads or circumstances. Also called a baseline. 

bidirectional printing — Ability of a parallel printer to 
conduct two-way communication between the printer 
and the computer, for example to provide out-of-paper 
information; supports Plug and Play and enables an 
operating system to query a printer about its capabilities. 

bits per second (bps) — Number of binary bits (0s or 1s) 
sent in one second, a measure used to gauge network, 
modem, and telecommunications speeds. 

boot partition — Holds the Windows 2000 Server 
\Winnt folder containing the system files. 

bridge — A network transmission device that connects 
different LAN segments using the same access method, 
for example connecting an Ethernet LAN to another 
Ethernet LAN. Bridge devices look at MAC addresses 
(OSI Layer 2) but do not look at routing information 
(Layer 3) in a frame. 

broadcast — A transmission that sends one copy of 
each frame to all points on a network, regardless of 
whether a recipient has requested communication 
with the sender. 

bus — A pathway in a computer used to transmit information. 
This pathway is used to send CPU instructions and 
other data being transferred within the computer. 

bus mastering — A process that reduces the reliance on 
the CPU for input/output activities on a computer's 
bus. Interface cards that have bus mastering can take 
control of the bus for faster data flow. 

cache — Storage used by a computer system to house 
frequently used data in quickly accessed storage, such as 
memory. 

cache timeout — The amount of time that a Dfs shared 
folder is retained in the client operating system’s cache 
for fast access. 

callback security — Used for remote communications 
verification; the remote server calls back the accessing 
workstation to verify that the access is from an authorized 
telephone number. 

capture buffer — The amount of RAM and virtual 
memory that is used to store data captured by Network 
Monitor. 

certificate — An encrypted set of information associated with 
a workstation that is equivalent to a unique digital fingerprint 
and that is used to authenticate logon to a server, such 
as a Web server. 

Challenge Handshake Authentication Protocol 
(CHAP) — An encrypted handshake protocol designed 
for standard IP- or PPP-based exchange of passwords. It 
provides a reasonably secure, standard, cross-platform 
method for sender and receiver to negotiate a connection. 

CHAP with Microsoft extensions (MS-CHAP) — A 
Microsoft-enhanced version of CHAP that can negotiate 
encryption levels and that uses the highly secure 
RSA RC4 encryption algorithm to encrypt communications 
between client and host. 

CHAP with Microsoft extensions version 2 
(MS-CHAP v2) — An enhancement of MS-CHAP 
that provides better authentication and data encryption 
and that is especially well suited for VPNs. 

client — A computer that accesses resources on another 
computer via a network or by a direct connection. 

client access license (CAL) — A license to enable a 
workstation to connect to Windows 2000 Server as a 
client. 

clock speed — Rate at which the CPU sends bursts of 
data through a computer’s buses. 

clustering — The ability to share the computing load and 
resources by linking two or more discrete computer systems 
together to function as though they were one. 

common name (CN) — The most basic name of an 
object in the Active Directory, such as the name of a 
printer. 

community name — In SNMP communications, a password 
used by network agents and the network management 
station so that their communications cannot be 
easily intercepted by an unauthorized workstation or 
device. 

compact disc (CD-ROM) — A ROM medium that typically 
holds up to 1 GB of information. 

compact disc file system (CDFS) — A 32-bit file system 
used on standard capacity CD-ROMs. 


Component Object Model (COM) — Standards that 
enable a software object, such as a graphic, to be linked 
from one software component into another one. COM 
is the foundation that makes object linking and embedding 
(OLE) possible. 

connection-oriented communication — Also called a 
connection-oriented service, this service provides several 
ways to ensure that data is successfully received at the 
destination, such as requiring an acknowledgment of 
receipt and using a checksum to make sure the packet 
or frame contents are accurate. 

connectionless communication — Also called a connectionless 
service, a communication service that provides 
no checks (or minimal checks) to make sure that 
data accurately reaches the destination node. 

contiguous namespace — A namespace in which every 
child object contains the name of its parent object. 

counter — Used by System Monitor, this is a measurement 
technique for an object, for example, for measuring 
the processor performance by percentage in use. 

cyclic redundancy check (CRC) — An error-checking 
technique used in network protocols to signal a communications 
problem. 

data communications equipment (DCE) — A device 
that converts data from a DTE, such as a computer, to 
be transmitted over a telecommunications line. 

Data Link Control protocol (DLC) — Available 
through Microsoft Windows 2000, Windows NT, 
Windows 95, and Windows 98, this protocol enables 
communication with an IBM mainframe or 
minicomputer. 

data terminal equipment (DTE) — A computer or 
computing device that prepares data to be transmitted 
over a telecommunications line to which it attaches by 
using a DCE, such as a modem. 

data transfer rate — Speed at which data moves through 
the disk controller along the data channel to a disk drive. 

data type — Way in which information is formatted in a 
print file. 

date stamp — Documents, files, and other important 
information are permanently imprinted by a date stamp 
to record their creation date and time, and to record 
modification dates and times. 

default gateway — A computer or router that forwards a 
network communication from one network to another, 
acting as a gateway between networks. 

defragmentation — A software process that rearranges 
data to fill in the empty spaces that develop on disks 
and make data easier to obtain. 

device address — Same as physical address. 

Dfs link — A path that is established between a shared 
folder in a domain and a Dfs root. 

Dfs root — The main Active Directory container that 
holds Dfs links to shared folders in a domain. 

Dfs topology — Applies to a domain-based Dfs model 
and encompasses the Dfs root, Dfs links to the root, and 
servers on which the Dfs structure is replicated. 


DHCP Relay Agent — A server, such as a RAS or VPN 
server, or computer that broadcasts IP configuration 
information between the DHCP server on a network 
and the client acquiring an address. 

digital subscriber line (DSL) — A technology that uses 
advanced modulation technologies on regular telephone 
lines for high-speed networking at speeds of up to 
60 Mbps between subscribers and a telecommunications 
company. 

digital video disc (DVD-ROM) — Also called digital 
versatile disk, a ROM medium that can hold from 4.7 
to 17 GB of information. 

Directory Service Client (DSClient) — Microsoft software 
for Windows 95 and higher clients that connect to 
Windows 2000 Server that enables non-Windows-2000 
clients to use Kerberos authentication security and to 
view information published in the Windows 2000 Active 
Directory, such as all network printers. 

Directory Service log — Records events that are associated 
with the Active Directory, such as updates to the 
Active Directory, events related to the Active 
Directory’s database, replication events, and startup and 
shutdown events. 

disjointed namespace — A namespace in which the 
child object name does not resemble the name of its 
parent object. 

disk access time — Amount of time it takes for a disk 
drive to read or write data by moving a read/write head 
to the location of the data. 

disk duplexing — A fault-tolerance method similar to 
disk mirroring in that it prevents data loss by duplicating 
data from a main disk to a backup disk; but disk duplexing 
places the backup disk on a different controller or 
adapter than is used by the main disk. 

disk fragmentation — A normal and gradual process in 
which files become spread throughout a disk, and empty 
pockets of space develop between files. 

disk mirroring — A fault-tolerance method that prevents 
data loss by duplicating data from a main disk to a 
backup disk. Some operating systems also refer to this 
as disk shadowing. 

disk quota — Allocating a specific amount of disk space to a 
user or application, with the ability to ensure that the user 
or application cannot use more disk space than is specified 
in the allocation. 

distinguished name (DN) — A name in the Active 
Directory that contains all hierarchical components of 
an object, such as that object’s organizational unit and 
domain, in addition to the object’s common name. The 
distinguished name is used by an Active Directory client 
to access a particular object, such as a printer. 

distributability — Dividing complex application program 
tasks among two or more computers. 

Distributed Component Object Model (DCOM) 
— A standard built upon COM to enable object linking 
to take place over a network. 

Distributed File System (Dfs) — A system that enables 
folders shared from multiple computers to appear as 
though they exist in one centralized hierarchy of folders 
instead of on many different computers. 

distribution group — A list of Windows 2000 Server 
users that enables one e-mail message to be sent to all 
users on the list. A distribution group is not used for 
security and thus cannot appear in an ACL. 

DNS Server — A Microsoft service that resolves computer 
names to IP addresses and that resolves IP addresses to 
computer names. 

DNS Server log — An event log that provides informa- 
tion about events associated with the DNS Server, such 
as instances in which DNS information is updated, 
when there are problems with the DNS service, and 
when the DNS Server has started successfully after 
booting. 

domain — A grouping of resource objects, for example, 
servers and user accounts, that is one element of the 
Active Directory in Windows 2000 Server. A domain 
usually is a higher-level representation of how a business, 
government, or school is organized, for example 
reflecting a geographical site or major division of that 
organization. 

domain controller (DC) — A Windows 2000 server that 
contains a full copy of the Active Directory information, 
that is used to add a new object to the Active 
Directory, and that replicates all changes made to it so 
those changes are updated on every DC in the same 
domain. 

domain local security group — A group that is used to 
manage resources—shared folders and printers, for 
example—in its home domain, and that is primarily 
used to give global groups access to those resources. 

Domain Name Service (DNS) — A TCP/IP application 
protocol that resolves domain and computer names 
to IP addresses, or IP addresses to domain and 
computer names. 

dotted decimal notation — An addressing 
technique that uses four octets, such as 
100000110.11011110.1100101.00000101, converted to 
decimal (for example, 134.22.101.005), to differentiate 
individual servers, workstations, and other network 
devices. 

driver — Software that enables a computer to communicate 
with devices like network interface cards, printers, 
monitors, and hard disk drives. Each driver has a specific 
purpose, such as to handle network communications. 

driver signing — A digital signature that Microsoft incorporates 
into driver and system files as a way to verify the 
files and to ensure that they are not inappropriately 
overwritten. 

dropped frames — Frames that are discarded because 
they are improperly formed, for example failing to meet 
the appropriate packet size. 

dual-boot system — A computer set up to boot from 
two or more different operating systems, such as 
Windows 2000 Server and MS-DOS. 

dynamic addressing — An addressing method whereby 
an Internet Protocol (IP) address is assigned to a workstation 
without the need for the network administrator 
to manually set it up at a workstation. 

dynamic disk — In Windows 2000, a disk that does not 
use traditional partitioning, which means that there is no 
restriction to the number of volumes that can be set up 
on one disk or to the ability to extend volumes onto 
additional physical disks. Dynamic disks are only compatible 
with Windows 2000. 

Dynamic Host Configuration Protocol (DHCP) — A 
network protocol that provides a way for a server to 
automatically assign an IP address to a workstation on its 
network. 

emergency repair disk (ERD) — A disk that contains 
repair, diagnostic, and backup information for use in 
case there is a problem with Windows 2000. 

Encrypting File System (EFS) — Set by an attribute 
of NTFS, this file system enables a user to encrypt the 
contents of a folder or a file so that it can only be 
accessed via private key code by the user who 
encrypted it. EFS adheres to the Data Encryption 
Standard’s expanded version for data protection. 

Enhanced Small Device Interface (ESDI) — An early 
device interface for computer peripherals and hard disk 
drives. 

enterprise network — A network that often reaches 
throughout a large area, such as a college campus, a city, 
or across several states. The main distinguishing factor of 
an enterprise network is that it brings together an array 
of network resources such as many kinds of servers, 
mainframes, intranets, printers, and the Internet. 

error checking and correcting memory (ECC) — 
Memory that can correct some types of memory problems 
without causing computer operations to halt. 

Ethernet — A network transport system that uses a carrier 
sensing and collision detection method to regulate data 
transmissions. 

event log — One of several logs in which Windows 2000 
Server records information about server events, such as 
errors, warnings, or informational events. 

Extended Industry Standard Architecture (EISA) — 
A computer bus design that incorporates 32-bit communications 
within a computer. It is an industry standard 
used by several computer manufacturers. 

extended partition — A partition that is created from 
unpartitioned free disk space and is linked to a primary 
partition in order to increase the available disk space. 

Extensible Authentication Protocol (EAP) — An 
authentication protocol employed by network clients 
that use special security devices such as smart cards, 
token cards, and others that use certificate authentication. 

fault tolerance — Techniques that employ hardware and 
software to provide assurance against equipment failures, 
computer service interruptions, and data loss. 

Fibre Channel — A high-speed method for connecting 
computer peripherals, such as disk drives, to servers and 
other host computers through copper and fiber-optic 
cable. Current implementations of Fibre Channel in 
Windows 2000 servers provide data transfer rates of up 
to 1 Gbps. 

File Allocation Table (FAT) file system — A file system 
based on the use of a file allocation table, a flat table that 
records the clusters used to store the data contained in 
each file stored on disk. FAT is used by several operating 
systems, including MS-DOS, Windows 95, Windows 98, 
and Windows 2000. 

file lock — Flagging a file so that it cannot be updated by 
more than one user at a time, giving the first user to 
access it the ability to perform an update. 

File Replication Service log — An event log that contains 
information about file replication events such as 
changes to file replication, when the service has started, 
and completed replication tasks. 

File Transfer Protocol (FTP) — Available through the 
TCP/IP protocol, FTP enables files to be transferred 
across a network or the Internet between computers or 
servers. 

filter — A capacity in network monitoring software that 
enables a network or server administrator to view only 
designated protocols, network events, network nodes, or 
other specialized views of the network. 

firmware — Software that is stored on a chip in a device, 
such as in a ROM chip, and that is used to control basic 
functions of the device such as communication with a 
disk drive. 

forest — A grouping of trees that each have contiguous 
namespaces within their own domain structure, but that 
have disjointed namespaces between trees. The trees and 
their domains use the same schema and global catalog. 

format — An operation that divides a disk into small sections 
called tracks and sectors for the storage of files. 

formatting — A process that prepares a hard disk partition 
for a specific file system. 

forward lookup zone — A DNS zone or table that maps 
computer names to IP addresses. 

frame — A unit of data that is transmitted on a network; it 
contains control and address information, but not routing 
information. 

frame relay — A WAN communications technology that 
relies on packet switching and virtual connection techniques 
to transmit at from 56 Kbps to 45 Mbps. 

full backup — A backup of an entire system, including all 
system files, programs, and data files. 

full duplex — The capacity to send and receive signals 
at the same time. 

Gateway Service for NetWare (GSNW) — A service 
included with Windows NT and Windows 2000 Server 
that provides connectivity to NetWare resources, with 
the Windows NT or Windows 2000 server acting as a 
gateway. 

global catalog — A grand repository for all objects and 
the most frequently used attributes for each object in all 
domains. Each tree has one global catalog. 


global security group — A group that typically contains 
user accounts from its home domain, and that is a member 
of domain local groups in the same or other 
domains, so as to give that global group’s member 
accounts access to the resources defined to the domain 
local groups. 

globally unique identifier (GUID) — A unique number, 
up to 16 characters long, that is associated with an 
Active Directory object. 

graphics device interface (GDI) — An interface on a 
Windows network print client that works with a local 
software application, such as Microsoft Word, and a local 
printer driver to format a file to be sent to a local printer 
or a network print server. 

half duplex — The ability to send or receive signals, but 
not simultaneously. 

handle — A resource, such as a file, used by a program that 
has its own identification so the program is able to 
access it. 

hard page fault — When a program does not have 
enough physical memory to execute a given function 
and must obtain information from disk. 

hardware abstraction layer (HAL) — A set of program 
routines that enables an operating system to control a 
hardware component, such as the processor, from within 
the operating system kernel. 

hardware compatibility list (HCL) — A list of computer 
hardware tested by Microsoft and determined to be compatible 
with Windows 2000 Server. 

hardware profile — A consistent setup of hardware components 
associated with one or more user accounts. 

hibernate — A mode in which the computer components 
are shut down, and information in memory is automatically 
saved to disk before the disk is powered off. The 
power supply and CPU remain active, monitoring in 
order to start up all components when you press a key or 
move the mouse. 

Hierarchical Storage Management (HSM) — A storage 
management system that enables administrators to establish 
storage policies, archiving techniques, and disk 
capacity planning through automated procedures and 
the coordinated use of different media, including tapes, 
CD-ROMs, hard drives, and Zip drives. 

hive — A set of related Registry keys and subkeys stored as 
a file. 

home folder or home directory — A server folder that is 
associated with a user’s account and that is a designated 
workspace for the user to store files. 

host address (A) resource record — A record in a DNS 
forward lookup zone that consists of a computer name 
correlated to an IP version 4 address. 

Hypertext Markup Language (HTML) — A formatting 
language that is used to enable documents and graphic 
images to be read on the World Wide Web. 

Hypertext Transfer Protocol (HTTP) — A protocol in 
the TCP/IP suite that transports HTML documents 
over the Internet (and through intranets) for access by 
Web-compliant browsers. 

I/O address — The address in memory through which 
data is transferred between a computer component and 
the processor. 

incremental backup — A backup of new or changed files. 

Industry Standard Architecture (ISA) — An older 
expansion bus design dating back to the 1980s, supporting 
8-bit and 16-bit cards and with a data transfer rate 
of 8 MB per second. 

inherited permissions — Permissions of a parent object 
that also apply to child objects of the parent, for example 
to subfolders within a folder. 

inherited rights — User rights that are assigned to a 
group and that automatically apply to all members of 
that group. 

instance — Used by System Monitor, when there are 
two or more types of elements to monitor, such as 
two or more threads or disk drives. 

Integrated Device Electronics (IDE) — An inexpensive 
hard disk interface that is used on Intel-based computers 
from the 80286 to Pentium computers. 

Integrated Services Digital Network (ISDN) — A 
telecommunications standard for delivering data services 
over digital telephone lines with a current practical limit 
of 1.536 Mbps and a theoretical limit of 622 Mbps. 

intelligent input/output (I2O) — A computer communications 
architecture that removes some of the I/O 
processing activities from the main processor to I2O 
processors on peripherals designed for I2O architectures, 
such as hard disks. 

Internet Authentication Service (IAS) — Used to 
establish and maintain security for RAS, Internet, and 
VPN dial-in access, and can be employed with RADIUS. 
IAS can use certificates to authenticate client access. 

Internet Control Message Protocol (ICMP) — A 
TCP/IP-based protocol that is used for network error 
reporting, particularly through routing devices. 

Internet Group Management Protocol (IGMP) — 
Part of the TCP/IP protocol suite, the protocol that is 
used in multicasting and which contains addresses of 
clients. It is used by the server to tell a router which 
clients belong to the multicast group. 

Internet Information Services (IIS) — A Microsoft 
Windows 2000 Server component that provides Internet 
Web, FTP, mail, newsgroup, and other services, and particularly 
the ability to set up a Web server. 

Internet Packet Exchange (IPX) — A protocol developed 
by Novell for use with its NetWare server operating 
system (see Sequence Packet Exchange). 

Internet Printing Protocol (IPP) — A protocol that is 
encapsulated in HTTP and that is used to print files 
over the Internet. 

Internet Server Application Programming Interface 
(ISAPI) — A group of dynamic-link library (DLL) files 
that consists of applications and filters to enable user-customized 
programs to interface with IIS and to trigger 
particular programs, such as a specialized security 
check or a database lookup. 

interrupt request (IRQ) line — A hardware line that a 
computer component, such as a disk drive or serial port, 
uses to communicate to the processor that it is ready to 
send or receive information. Intel-based computers have 
16 IRQ lines, with 15 of those available for computer 
components to use. 

intranet — A private network within an organization. It 
uses the same Web-based software as the Internet, but is 
highly restricted from public access. 

IP security (IPSec) — A set of IP-based secure communications 
and encryption standards created through the 
Internet Engineering Task Force (IETF). 

Kerberos — A security system developed by the 
Massachusetts Institute of Technology to enable two 
parties on an open network to communicate without 
interception from an intruder, by creating a unique 
encryption key for each communication session. 

Kerberos transitive trust relationship — A set of two-way 
trusts between two or more domains in which 
Kerberos security is used. 

kernel — An essential set of programs and computer code 
that allows a computer operating system to control 
processor, disk, memory, and other functions central to 
its basic operation. 

kernel mode — Protected environment in which the 
Windows 2000 operating system kernel runs, consisting 
of a protected memory area and privileges to directly 
execute system services, access the CPU, run I/O operations, 
and conduct other basic operating system functions. 

key — A category of information contained in the 
Windows 2000 Registry, such as hardware or software. 

Last Known Good Configuration — The Windows 2000 
configuration that is stored in the Registry and that is the 
configuration in effect prior to making a system, driver, 
or configuration change since the last time the computer 
was booted. 

Layer Two Tunneling Protocol (L2TP) — A protocol 
that transports PPP over a VPN, an intranet, or the 
Internet. L2TP works similarly to PPTP, but unlike 
PPTP, L2TP uses an additional network communications 
standard, called Layer Two Forwarding, that enables 
forwarding on the basis of MAC addressing. 

leaking memory — Failing to return memory for general 
use after a process is finished using a specific 
memory block. 

library — Removable storage media and the drive (or 
drives) used by the media. 

license monitoring — A process used on network servers 
to be certain the number of software licenses in use 
does not exceed the number for which the network is 
authorized. 

line device — A DCE, such as a modem or ISDN 
adapter, that connects to a telecommunications line. 

load balancing — On a single server, distributing 
resources across multiple server disk drives and paths 
for better server response; on multiple network servers, 
distributing resources across two or more servers for 
better server and network performance. 

local printing — Printing on the same computer to 
which print devices are attached. 

local security group — A group of user accounts that 
is used to manage resources on a standalone 
Windows 2000 server that is not part of a domain. 

local user profile — A desktop setup that is associated 
with one or more accounts to determine what startup 
programs are used, additional desktop icons, and other 
customizations. A user profile is local to the computer 
on which it is stored. 

local-only mode — A process of capturing and viewing 
the contents of only the frames and packets sent to and 
transmitted from a specific networked computer's or 
device’s NIC. 

logon script — A file that contains a series of commands 
to run each time a user logs on to his or her account, 
such as a command to map a home drive. 

management information base (MIB) — A database of 
network performance information that is stored on a 
network agent, which gathers information for a network 
management station; it stores parameters that can be 
configured remotely. 

mandatory user profile — A user profile set up by the 
server administrator that is loaded from the server to 
the client each time the user logs on; changes that the 
user makes to the profile are not saved. 

mapped folder or drive — A disk volume or folder that 
is shared on the network by a file server or workstation. 
It gives designated network workstations access to the 
files and data in its shared volume or folder. The workstation, 
via software, determines a drive letter for the shared 
volume, which is the workstation’s map to the data. 

master boot record (MBR) — Data created in the first 
sector of a disk, containing startup information and 
information about disk partitions. 

master browser — On a Microsoft network, the computer 
designated to keep the main list of logged-on 
computers. 

master folder — The main folder that provides master 
files and folders for a Dfs root or link when replication 
is enabled. 

media access control (MAC) sublayer — A network 
communications function that examines physical address 
information in frames and controls the way devices 
share communications on a network. 

media pool — A set of removable media in which the 
media are used for the same purpose and are managed in 
the same way, such as backup tapes for a Windows 2000 
server. 

member server — A server that is a member of an 
existing Windows 2000 domain, but that does not 
function as a domain controller. 

Micro Channel Architecture (MCA) — A bus architec- 
ture that is used in older IBM Intel-based computers. It 
provides 32-bit communications within the computer. 


Microsoft Point-to-Point Encryption (MPPE) — A 
starting-to-ending-point encryption technique that uses 
special encryption keys varying in length from 40 to 
128 bits. 

mirrored volume — Two dynamic disks that are set up for 
RAID level 1 so that data on one disk is stored on a 
redundant disk. 

mixed mode — An Active Directory context in which 
there are both Windows NT 4.0 domain controllers 
(PDC and BDCs) and Windows 2000 Server domain 
controllers (DCs). 

modem — A modulator/demodulator that converts a 
transmitted digital signal to an analog signal for a tele- 
phone line. It also converts a received analog signal to a 
digital signal for use by a computer. 

mounted drive — A physical disk, CD-ROM, or Zip 
drive that appears as a folder and that is accessed 
through a path like any other folder. 

multicast — A transmission method in which a server 
divides recipients of an application, such as a multi- 
media application, into groups. Each data stream is a 
one-time transmission that goes to one group of multi- 
ple addresses, instead of sending a separate transmission 
to each address for each data stream. The result is less 
network traffic. 

Multilink or Multilink PPP — A capability of RAS to 
aggregate multiple data streams into one logical network 
connection for the purpose of using more than one 
modem, ISDN channel, or other communications line in 
a single logical connection. 

multimaster replication — In Windows 2000 Server,
there can be multiple servers, called DCs, that store the
Active Directory and replicate it to each other. Because
each DC acts as a master, replication does not stop
when one is down, and updates to the Active Directory
continue, for example, creating a new account.

multitasking — The capability of a computer to run two 
or more programs at the same time. 

multithreading — Running several program processes or 
parts (threads) at the same time. 

name resolution — A process used to translate a computer’s
domain name into the object that it represents, such
as to a dotted decimal address associated with a computer, 
and vice versa. 

named pipes — A communications link between two 
processes, which may be local to the server or remote, 
for example, between the server and a workstation. 

namespace — A logical area on a network that contains 
directory services and named objects, and that has the 
ability to perform name resolution. 

native mode — An Active Directory context in which 
there are only Windows 2000 Server domain 
controllers (DCs). 

NetBIOS Extended User Interface (NetBEUI) — A 
communication protocol native to Microsoft network 
communications, an enhancement of NetBIOS, devel- 
oped for network peer-to-peer communication among 
workstations with Microsoft operating systems installed
on a local area network. 

NetWare Link (NWLink) — A network protocol that 
simulates the IPX/SPX protocol for Microsoft 
Windows 95, Windows 98, Windows NT, and 
Windows 2000 communication with Novell 
NetWare file servers and compatible devices. 

Network Basic Input/Output System (NetBIOS) — 
A combination software interface and a network nam- 
ing convention. It is available in Microsoft operating sys- 
tems through the file, NetBIOS.dll. 

network binding — A process that links a computer’s 
network interface card or a dial-up connection with 
one or more network protocols to achieve optimum 
communication with network services. For Microsoft 
operating systems, you should always bind a protocol to 
each NIC that is installed. 

Network Driver Interface Specification (NDIS) — A 
set of standards developed by Microsoft and 3COM for 
network drivers that enables communication between a 
NIC and a protocol, and that enables the use of multi- 
ple protocols on the same network. 

network interface card (NIC) — An adapter board 
designed to connect a workstation, server, or other net- 
work equipment to a network medium. 

Network Monitor — A Windows NT and Windows 2000 
network monitoring tool that can capture and display 
network performance data. 

Network Monitor Driver — A software component that 
enables a Microsoft-based server or workstation NIC to 
gather network performance data for assessment by 
Microsoft Network Monitor. 

Network News Transfer Protocol (NNTP) — A 
TCP/IP-based protocol used by NNTP servers to 
transfer news and informational messages to client sub- 
scribers who compose “newsgroups.” 

network operating system (NOS) — Software that 
enables computers on a network to communicate 
and to share resources and files. 

network-compatible program — Software that can 
operate in a multiuser environment using network 
or e-mail communication APIs. 

NT File System (NTFS) — The native Windows 2000 
file system, which has a more detailed directory struc- 
ture than FAT and supports security measures not found 
in FAT. It also supports large disks, long filenames, and 
file compression. 

object — A network resource, such as a server or a user 
account, which has distinct attributes or properties, 
which is usually defined to a domain, and which exists 
in the Windows 2000 Active Directory. 

Open Database Connectivity (ODBC) — A set of 
rules developed by Microsoft for accessing databases and 
providing a standard doorway to database data. 

Open Datalink Interface (ODI) — A driver that is 
used by Novell NetWare networks to transport multi-
ple protocols on the same network.

Open Shortest Path First (OSPF) protocol — A
TCP/IP-based routing protocol that can evaluate net- 
work paths and match a type of transmission, such as 
data or video, to the appropriate network path. 

OpenGL — A standard for multidimensional graphics used 
in Microsoft’s 3-D screen savers. 

organizational unit (OU) — A grouping of Active 
Directory objects, usually within a domain, that pro- 
vides a means to establish specific policies for govern- 
ing those objects and that enables object management 
to be delegated. 

ownership — Having the privilege to change permissions 
and to fully manipulate an object. The account that cre- 
ates an object, such as a folder or printer, initially has 
ownership. 

packet — A unit of data that is transmitted on a network,
and contains control and address information as well as
routing information.

page file — Disk space reserved for use when memory 
requirements exceed the available RAM. 

page-description language (PDL) — Printing instruc- 
tions involving a programming code that produces 
extremely high-quality printing with extensive font 
options. 

paging — Moving blocks of information from RAM to 
virtual memory on disk. 

partition — A process in which a hard disk section or a 
complete hard disk is set up for use by an operating sys- 
tem. A disk can be formatted after it is partitioned. 

partition table — Table containing information about each 
partition on a disk, such as the type of partition, size, and 
location. Also, the partition table provides information to 
the computer about how to access the disk. 

Password Authentication Protocol (PAP) — A non- 
encrypted plaintext password authentication protocol. 
This represents the lowest level of security for exchang- 
ing passwords via PPP or TCP/IP. Shiva PAP (SPAP) is 
a version that is used for authenticating remote access 
devices and network equipment manufactured by Shiva 
(now part of Intel Corporation). 

peer-to-peer network — A network on which any com- 
puter can communicate with other networked comput- 
ers on an equal or peerlike basis without going through 
an intermediary, such as a server or host. 

per seat licensing — A server software license that 
requires that there be enough licenses for all network 
client workstations. 

per server licensing — A server software license based on 
the maximum number of clients that log on to the server 
at one time. 

performance log — Tracks system and network perfor- 
mance information in a log that can be viewed later or 
imported into a spreadsheet, such as Microsoft Excel. 

Peripheral Computer Interface (PCI) — A computer 
bus design that supports 32-bit and 64-bit bus communication
for high-speed operations.


permissions — In Windows 2000, privileges to access and 
manipulate resource objects, such as folders and print- 
ers; for example, privilege to read a file, or to create a 
new file. 

physical address — Also called a device address, a unique 
hexadecimal number associated with a device’s network 
interface card. 

Plug and Play (PnP) — Ability of added computer hard- 
ware, such as an adapter or modem, to identify itself to 
the computer operating system for installation. 

Point-to-Point Protocol (PPP) — A widely used remote 
communications protocol that supports IPX/SPX, 
NetBEUI, and TCP/IP for point-to-point communication 
(for example, between a remote PC and a Windows 2000 
server on a network). 

Point-to-Point Tunneling Protocol (PPTP) — A 
remote communications protocol that enables connectiv- 
ity to a network through the Internet and connectivity 
through intranets and VPNs. 

pointer (PTR) resource record — A record in a DNS 
reverse lookup zone that consists of an IP (version 4 or 6) 
address correlated to a computer name. 

Portable Operating System Interface (POSIX) — 
Standards set by the Institute of Electrical and Electronics 
Engineers (IEEE) for portability of applications. 

PostScript printer — A printer that has special firmware 
or cartridges to print using a page-description 
language (PDL). 

Preboot eXecution Environment (PXE) — Services 
on a Windows 2000 remote-boot-enabled ROM or a 
remote boot disk that enable a prospective client to 
obtain an IP address and to connect to a RIS server in 
order to install Windows 2000 Professional. 

primary group — A group designation used when setting 
up a Windows 2000 server account for workstations run- 
ning Macintosh or POSIX. Windows 2000 Server requires 
that these systems be members of a global security group. 

primary partition — Partition or portion of a hard disk 
that is bootable. 

print client — Client computer that generates a print job. 

print device — A device, such as a printer or fax, that uses 
the Spooler services in Windows 2000 Server. 

print queue — A stack or line-up of print jobs, with the 
first job submitted at the top of the stack, the last job 
submitted at the bottom, and all of the jobs waiting to 
be sent from the spooler to the printer. 

print server — Network computer or server device that 
connects printers to the network for sharing and that 
receives and processes print requests from print clients. 

Printer Control Language (PCL) — A printer language 
used by non-PostScript Hewlett-Packard and compatible 
laser printers. 

printer driver — A file containing information needed to 
control a specific printer, implementing customized 
printer control codes, font, and style information. 


printer pooling — Linking two or more identical print- 
ers with one printer setup or printer share. 

privileged mode — A protected memory space allocated 
for the Windows 2000 kernel that cannot be directly 
accessed by software applications. 

process — An executable program that is currently run- 
ning, such as Microsoft Word. A process may launch 
additional processes that are linked to it, such as a Help 
process to view documentation or a search process to 
find a file. 

process tree — All of the processes that run directly or 
indirectly in association with an original process. 

processor cache — A special data storage area used only 
by the system processor and located on either the 
processor chip or a chip separate from the processor. 

promiscuous mode — The process of capturing and 
viewing the contents of all frames and packets sent 
across a NIC or network device, regardless of the desti- 
nation of those frames and packets. 

protocol — A strictly defined set of rules for communica- 
tion across a network that specifies how networked data 
is formatted for transmission, how it is transmitted, and 
how it is interpreted at the receiving end. 

Quality of Service (QoS) — Mechanisms used to mea- 
sure and allocate network resources on the basis of 
transmission speed, quality, throughput, and reliability. 

RAID-5 volume — Three or more dynamic disks that 
use RAID level 5 fault tolerance through disk striping 
and creating parity blocks for data recovery. 

recovery console — A recovery tool that enables you to 
access the Windows 2000 Server command line to per- 
form recovery and troubleshooting operations. The 
recovery console can be added as a boot option, started 
from the Windows 2000 Server CD-ROM, or from the 
Windows 2000 Server floppy installation disks. 

Reduced Instruction Set Computer (RISC) — A 
computer that has a CPU that requires fewer instruc- 
tions for common operations. The processor works 
faster because the commands to the CPU are reduced. 

redundant array of inexpensive (or independent) 
disks (RAID) — A set of standards designed to extend 
the life of hard disk drives and to prevent data loss from 
a hard disk failure. 

Registry — A database used to store information about 
the configuration, program setup, devices, drivers, and 
other data important to the setup of a computer run- 
ning Windows 2000, Windows NT, Windows 98, or 
Windows 95. 

relative distinguished name (RDN) — An object name 
in the Active Directory that has two or more related 
components, such as the RDN of a user account name 
that consists of User and the first and last name of the 
actual user. 

Remote Access Services (RAS) — Microsoft software 
services that enable off-site workstations to access a 
Windows 2000 server through telecommunications 
lines, the Internet, or intranets.

Remote Authentication Dial-In User Service
(RADIUS) — A protocol and service set up on one 
RAS or VPN server, for example in a domain, when 
there are multiple RAS or VPN servers to coordinate 
authentication and to keep track of remote dial-in statis- 
tics for all RAS and VPN servers. 

Remote Installation Services (RIS) — Services 
installed on a Windows 2000 Server that enable you to 
remotely install Windows 2000 Professional on one or 
more client computers. 

replica set — A grouping of shared folders in a Dfs root 
that are replicated or copied to all servers that partici- 
pate in Dfs replication. When changes are made to Dfs 
shared folders, all of the participating servers are auto- 
matically or manually synchronized so that they have 
the same copy. 

resource — On a Windows 2000 Server network, a server, 
shared printer, or shared directory that can be accessed 
by users. On workstations as well as servers, a resource is 
an IRQ, I/O address, or memory that is allocated to a 
computer component, such as a disk drive or communi- 
cations port. 

Resource Reservation Protocol (RSVP) — Enables an 
application to reserve the network resources it needs, such 
as network paths with higher speeds. 

reverse lookup zone — A DNS server zone or table that 
maps IP addresses to computer names. 

rights — In Windows 2000, access privileges for high-level 
activities such as logging on to a server from the net- 
work, shutting down a server, and logging on locally. 

roaming profile — Desktop settings that are associated 
with an account so that the same settings are employed 
no matter which computer is used to access the account 
(the profile is downloaded to the client). 

robotic library — A library of removable media and drives 
in which multiple media, such as tapes, can be mounted 
and dismounted automatically. 

root key — Also called a subtree, the highest category of 
data contained in the Registry. There are five root keys. 

router — A device that connects networks, that can read 
IP addresses, and that can route packets to designated 
networks, because it reads routing information in pack- 
ets (Layer 3) and keeps tables of information about the 
fastest route from one network to another. 

Routing Information Protocol (RIP) — A TCP/IP- 
based protocol that enables routing devices to share 
information about a network. 

Run as / runas — A shortcut menu and command-line 
option that enables you to run a Windows 2000 pro- 
gram or utility from one account, such as Administrator, 
while logged on as another account. 

safe mode — A boot mode that enables Windows 2000 
Server to be booted using the most generic default set- 
tings—such as settings for the display, disk drives, and 
pointing device—and only those services needed to 
boot a basic configuration.

scalable — A computer operating system that can be used
on small to large computers with a single Intel-based 
processor and on larger computers, such as those with 
multiple processors. 

schema — Elements used in the definition of each object 
contained in the Active Directory, including the object 
class and its attributes. 

scope — The reach of a type of group, such as access to 
resources in a single domain or access to all resources 
in all domains in a forest (see domain local, global, and 
universal groups). (Another meaning for the term 
scope is the beginning through ending IP addresses 
defined in a DHCP server for use by DHCP clients.)

Secure Sockets Layer (SSL) — A dual-key encryption 
standard for communication between an Internet server 
and a client. 

Secure Sockets Layer/Transport Layer Security 
(SSL/TLS) — An authentication method that uses cer- 
tificates to verify users’ right to access a remote server, 
such as a Web server. 

security descriptor — An individual security property 
associated with a Windows 2000 Server object, for 
example to enable the account MGardner (the security 
descriptor) to access the folder, Databases. 

security group — A group of Windows 2000 Server 
users that assign access privileges to objects and ser- 
vices. Security groups appear in ACLs. 

security log — An event log that records access and secu- 
rity information about logon accesses and file, folder, 
and system policy changes. 

separate forest — An Active Directory model that links 
two or more forests in a partnership; however, the forests 
cannot have Kerberos transitive trusts or use the same 
schema. 

Sequence Packet Exchange (SPX) — A Novell connec- 
tion-oriented protocol used for network transport when 
there is a particular need for data reliability (see Internet 
Packet Exchange). 

Serial Line Internet Protocol (SLIP) — An older 
remote communications protocol that is used by UNIX 
computers. The modern compressed SLIP (CSLIP) ver- 
sion uses header compression to reduce communica- 
tions overhead. 

server — A single computer that provides extensive multi- 
user access to network resources. 

server-based network — A model in which access to the
network and resources, and the management of
resources, is accomplished through one or more servers. 

Service Advertising Protocol (SAP) — An IPX/SPX- 
compatible protocol that is used by NetWare clients to 
identify servers and the network services provided by 
each server. 

service ticket — A Kerberos security key that gives a 
client access to specific services on a server or in a 
domain for a designated period of time. 

share permissions — Special permissions that apply to a 
particular shared object, such as a shared folder or printer. 


shared disk model — Linking two or more servers to 
operate as one and to equally share resources that 
include disk, CD-ROM, and tape storage. 

shared nothing model — Linking two or more servers 
to operate as one, but with each owning particular disk, 
CD-ROM, and tape resources. 

Shiva Password Authentication Protocol (SPAP) — 
See Password Authentication Protocol. 

Simple Mail Transfer Protocol (SMTP) — An e-mail 
protocol used by systems having TCP/IP network 
communications. 

Simple Network Management Protocol (SNMP) — A 
TCP/IP-based protocol that enables servers, worksta- 
tions, and network devices to gather standardized data 
about network performance and identify problems. 

simple volume — A portion of a disk or an entire disk 
that is set up as a dynamic disk. 

single forest — An Active Directory model in which 
there is only one forest, with interconnected trees and 
domains that use the same schema and global catalog. 

site — An option in the Active Directory to interconnect 
IP subnets so that the server can determine the fastest 
route to connect clients for authentication and to con- 
nect DCs for replication of the Active Directory. Site 
information also enables the Active Directory to create 
redundant routes for DC replication. 

site link bridge — An Active Directory object that com- 
bines individual site link objects to create faster routes, 
when there are three or more site links. 

site link object — An object created in the Active 
Directory to indicate one or more physical links 
between two different sites. 

slip streaming — Installing only a specific portion of a 
service pack instead of the entire update. 

Small Computer System Interface (SCSI) — A 32- or 
64-bit computer adapter that transports data between 
one or more attached devices, such as hard disks, and 
the computer. There are several types of SCSI adapters, 
including SCSI, SCSI-2, SCSI-3, wide SCSI, narrow 
SCSI, wide Ultra SCSI, and Ultra2 SCSI. All are used to 
provide high-speed data transfer to reduce bottlenecks 
within the computer. 

smart card — A security device that contains information 
such as access keys, passwords, and a personal identifica- 
tion number (PIN). The smart card is about the size of a 
credit card and can be plugged into a computer. 

spanned volume — Two or more Windows 2000 dynamic 
disks that are combined to appear as one disk. 

spool file — A print file written to disk until it can be 
transmitted to a printer. 

spooler — In the Windows 95, 98, NT, and 2000 environ- 
ment, a group of DLLs, information files, and programs 
that processes print jobs for printing. 

spooling — A process working in the background to 
enable several print files to go to a single printer. Each 
file is placed in temporary storage until its turn comes 
to be printed. 


standalone drive library — A library consisting of media 
and a drive, in which the media are mounted manually 
one at a time. 

standalone server — A server that is not a member of a 
domain, but that is a member of an existing workgroup 
or that establishes its own workgroup, such as in peer- 
to-peer networking. 

standby — A mode in which the computer components 
are shut down and information in memory is cleared 
without automatically saving it to disk. The power sup- 
ply and CPU remain active, waiting to start up all 
components when you press a key or move the mouse. 

static addressing — An IP (Internet Protocol) address- 
ing method that requires the network administrator to 
manually assign and set up a unique network address 
on each workstation connected to a network. 

streaming — Playing a multimedia audio, video, or 
combined file received over a network before the 
entire file is received at the client. 

stripe set — Two or more basic disks set up so that files 
are spread in blocks across the disks. 

striped volume — Two or more dynamic disks that use 
striping so that files are spread in blocks across the disks. 

striping — A data storage method that breaks up data files 
across all volumes of a disk set to minimize wear on a 
single volume. 

subkey — A key within a Registry key, similar to a sub- 
folder under a folder. 

subnet mask — A designated portion of an IP address 
that is used to indicate the class of addressing on a net- 
work and to divide a network into subnetworks as a 
way to control traffic and enforce security. 

subtree — Same as root key. 

symmetric multiprocessor (SMP) — A type of computer 
with two or more CPUs that share the processing load. 

system log — An event log that records information 
about system-related events such as hardware errors, dri- 
ver problems, and hard drive errors. 

System Monitor — The Windows 2000 utility used to 
track system or application objects. For each object type 
there are one or more counters that can be logged for 
later analysis, or tracked in real time for immediate sys- 
tem monitoring. 

system partition — Partition that contains boot files, such 
as Boot.ini and Ntldr in Windows 2000 Server. 

SYSVOL — A shared folder that is set up when the 
Active Directory is installed and that contains publicly 
available files that users and DCs need for domain 
access. SYSVOL folders are replicated among DCs. 

T-carrier — A dedicated leased telephone line that can 
be used for data communications over multiple chan- 
nels for speeds of up to 44.736 Mbps. 

Telephone Application Programming Interface 
(TAPI) — An interface for communications line devices 
(such as modems) that provides line device functions, 
such as call holding, call receiving, call hang-up, and call
forwarding.

Telnet — A TCP/IP application protocol that provides terminal
emulation services.

terminal — A device that consists of a monitor and key- 
board, used to communicate with host computers that 
run the programs. The terminal does not have a 
processor to use for running programs locally. 

terminal adapter (TA) — Popularly called a digital 
modem, links a computer or a fax to an ISDN line. 

terminal server — A server configured to offer terminal 
services so that clients can run applications on the server, 
which is similar to having clients respond as terminals. 

thin client — A specialized personal computer or terminal 
device that has a minimal Windows-based operating sys- 
tem. A thin client is designed to connect to a host com- 
puter that does most or all of the processing. The thin 
client is mainly responsible for providing a graphical 
user interface and network connectivity. 

thread — A block of program code executing within a 
running process. One process may launch one or more 
threads. 

token ring — Using a ring topology, a network transport 
method that passes a token from node to node. The 
token is used to coordinate transmission of data, because 
only the node possessing the token can send data. 

topology — The physical layout of the cable and the logi- 
cal path followed by network packets and frames sent 
on the cable. 

total cost of ownership (TCO) — The cost of installing 
and maintaining computers and equipment on a net- 
work, which includes hardware, software, maintenance, 
and support costs. 

transitive trust — A trust relationship between two or 
more domains in a tree in which each domain has 
access to objects in the others. 

Transmission Control Protocol/Internet Protocol 
(TCP/IP) — A protocol that is particularly well suited 
for medium and large networks. The TCP portion was 
originally developed to ensure reliable connections on 
government, military, and educational networks. It per- 
forms extensive error checking to ensure data is deliv- 
ered successfully. The IP portion consists of rules for 
packaging data and ensuring it reaches the correct des- 
tination address. 

trap — A specific situation or event detected by SNMP 
that a network administrator may want to be warned 
about or to track via a network management station, for 
example, when a network device is unexpectedly down 
or offline. 

tree — Related Active Directory domains that use a con- 
tiguous namespace, share the same schema, and have two- 
way, transitive trust relationships. 

trigger — A method used to have Network Monitor per- 
form a specific function when a predefined situation 
occurs, for example, stopping a capture of network data 
when the capture buffer is 50% full. 

trusted domain — A domain that has been granted secu-
rity access to resources in another domain.

trusting domain — A domain that allows another
domain security access to its resources and objects, such 
as servers. 

two-way trust — A domain relationship in which 
both domains are trusted and trusting, enabling one 
to have access to objects in the other. 

unicast — A transmission method in which one copy of 
each packet is sent to each targeted destination; a trans- 
mission method that can generate considerable network 
traffic when compared to multicasting, when the trans- 
mission is a multimedia application. 

Uniform Resource Locator (URL) — An addressing 
format used to find an Internet Web site or page. 

uninterruptible power supply (UPS) — A device built 
into electrical equipment or a separate device that pro- 
vides immediate battery power to equipment during a 
power failure or brownout. 

uniqueness database file (UDF) — A text file that con- 
tains an answer set of unique instructions for installing 
Windows 2000 in the unattended mode and that is used 
with an answer file. 

Universal Disk Format (UDF) — A removable-disk for- 
matting standard used for large capacity CD-ROMs and 
DVD-ROMs. 

Universal Modem Driver — A modem driver standard 
used on recently developed modems. 

Universal Naming Convention (UNC) — A naming 
convention that designates network servers, computers, 
and shared resources. The format for a UNC name is 
\\Servername [or Computername]\Sharename\Folder\File. 

universal security group — A group that is used to pro- 
vide access to resources in any Active Directory domain 
within a forest. A common implementation is to make 
global groups that contain accounts members of a uni- 
versal group that has access to resources. 

universal serial bus (USB) — A bus standard that 
enables you to attach all types of devices—keyboards, 
cameras, pointing devices, telephones, and tape drives, 
for example—to one bus port on a computer. Up to
127 devices can be attached to one port, and it is not 
necessary to power off the computer when you attach a 
device. USB was developed to replace the traditional 
serial and parallel bus technologies on computers. 

User Datagram Protocol (UDP) — A protocol used 
with IP as an alternative to TCP and that offers low- 
overhead connectionless communications. 

user mode — A special operating mode in Windows 2000 
used for running programs in a memory area kept sepa- 
rate from that used by the kernel and in which the 
program cannot access the kernel or operating system 
services except through an API. 

user principal name (UPN) — A name that combines an
account name with the domain name, such as 
RobBrown@tracksport.org, for easy identification, such as 
in e-mail. 

value — A data parameter in the Registry stored as a value 
in decimal, binary, or text format. 


virtual directory — A URL-formatted address that pro- 
vides an Internet location (virtual location) for an 
actual folder on a Web server that is used to publish 
Web documents. 

virtual DOS machine — In Windows 2000, a process 
that emulates an MS-DOS window in which to run 
MS-DOS or 16-bit Windows programs in a designated 
area of memory. 

virtual memory — Disk space allocated to link with 
memory to temporarily hold data when there is not 
enough free RAM. 

virtual private network (VPN) — A private network 
that is like a tunnel through a larger network—such as 
the Internet, an enterprise network, or both—that is 
restricted to designated member clients only. 

volume — A basic disk partition that has been formatted 
for a particular file system, a primary partition, a volume 
set, an extended volume, a stripe set, a stripe set with 
parity, or a mirror set. Also, a dynamic disk that is set up 
as a simple volume, spanned volume, striped volume, 
RAID-5 volume, or mirrored volume. 

volume set — Two or more formatted basic disk partitions 
(volumes) that are combined to look like one 
volume with a single drive letter. 

Web browser — Software that uses HTTP to locate and 
communicate with Web sites and that interprets HTML 
documents, video, and sound to give the user a sound 
and video GUI presentation of the HTML document 
contents. 

Windows Internet Naming Service (WINS) — A 
Windows 2000 Server service that enables the server to 
convert workstation names to IP addresses for Internet 
communication. 

Windows NT LAN Manager (NTLM) — An authentication 
protocol used in Windows NT Server 3.5, 3.51, 
and 4.0 that is retained in Windows 2000 Server 
for backward compatibility with clients that cannot support 
Kerberos, such as MS-DOS and Windows 3.1x. 

workgroup — As used in Microsoft networks, a number 
of users who share drive and printer resources in an 
independent peer-to-peer relationship. 

working set — Amount of RAM allocated to a running 
process. 

workstation — A computer that has its own CPU and 
may be used as a standalone computer for word processing, 
spreadsheet creation, or other software applications. 
It also may be used to access another computer such as 
a mainframe computer or file server, as long as the necessary 
network hardware and software are installed. 

X.25 — An older packet-switching protocol for connecting 
remote networks at speeds up to 2.048 Mbps. 

Zero Administration for Windows (ZAW) — A combination 
of management options and tools that enable 
an organization to reduce the total cost of ownership 
(TCO). 


